[Samba] Samba + multiple ADS Workaround

Pal Dorogi pal.dorogi at answare.hu
Fri Jul 2 18:52:12 GMT 2004 

Hi All!

I am a really newbie in samba (in english too). 

Problem:
So I installed a Samba 3.0.4 (ADS member server) in the sun box with two 
ADS. Everything work great, but if 
the primary ADS (lower IP) is crashed, then the wbinfo -t, wbinfo -u ... 
answers has a very long 
timeout (~8-9 min).

Descriptions (after a lot of debugging):
* The Sun box  has same time for initialize a TCP connection (SYN_SENT) if 
the destination host not running.
        - Try on linux how much is yours machine with "# date; telnet 
192.168.0.1; date" (IP must good on your network and not exist on it)
* Samba has a cache for the unavailable ADS (KDC) (but this expire after 
30 seconds)
        - the samba has an ordered list for the KDC (ordered by IP)

Problem continue:
So, if the primary ADS (lower IP) will be crash, then the samba will do 
this (if somebody want something from the Samba server):
 * Get the ordered list which is int the /etc/krb5/krb5.conf (kdc = ..., 
kdc = ...)
 * Trying the connect to the ADS:389  (first pass from the ordered list 
and approx 8-9minute )
        - if cannot connect to it, then put this ADS into the 
"failed_connection_cache" (but if it is expired (30sec) then remove from 
cache)
        So this allways try to connect to the first ADS because the cache 
expire time is allways expired. This is a typical deadlock syndrome.

Solutions:
1. tuning TCP stack on Sun box to 35 sec (on linux I don't know how must 
do it)
        ndd -set /dev/tcp tcp_rexmit_interval_extra 0 
        ndd -set /dev/tcp tcp_rexmit_interval_initial 500 
        ndd -set /dev/tcp tcp_ip_abort_interval 20000 
        ndd -set /dev/tcp tcp_ip_abort_cinterval 20000 

 
2. Setup the FAILED_CONNECTION_CACHE_TIMEOUT constant
        - #define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between 
attempts */
        + #define FAILED_CONNECTION_CACHE_TIMEOUT 3600 /* One hour, it is 
enough I think */
 


Problem with the solutions:
If the all ADS will be crash, then you must restart the samba after the 
ADS's come back because we has 
a very long cache expire time.


So, I hope this article help for everybody who has same problem...


Pal

More information about the samba mailing list